root

Schmidt András asch at freemail.hu
Fri Jan 11 17:16:37 CET 2008


Hi!

I have dark thoughts today and just wanted to stir the already boiling 
water a little :-). Sorry for doing that!

Certainly I did not mean it really seriously :-). Although I mean that 
creating a user that can access our private data and network as well but 
has no system privileges (as it is now common in widespread desktop 
Linuxes) will not protect your personal data (from web scripts, ssh 
attackers and so on) at all. And that data has the most value for the user.

You are right, a well configured access restriction scheme for the web 
browser, instant messaging, ad-hoc network protocols and such would have 
serious benefit for the phone (and desktop systems as well).

I assume that sudo prevents the hardware from being bricked accidentally by 
the user or by a userspace program. What I meant is that 
protecting the user's data is more important than protecting the device 
itself.

Cheers
SA

Ted Lemon wrote:
> On Jan 11, 2008, at 5:56 AM, Schmidt András wrote:
>> In my opinion there is nothing that the root account can protect on a 
>> single user handheld device.
>> Phones are normally used single user.
>> When an application gets the rights for that user then it can access 
>> all personal information and all network resources (Wifi, GSM 
>> network). What else remains? What resource would you protect with the 
>> root account?
>
> If this is a sincere question, I'd really encourage you to give the 
> OLPC bitfrost spec a read:
>
>     http://wiki.laptop.org/go/Bitfrost
>
> Unfortunately, the conclusion you've drawn is completely wrong.   I'm 
> very interested in the OLPC Bitfrost work - I think it has application 
> in the wider sphere of Linux implementations, and the OpenMoko 
> environment is a classic case.
>
>
> _______________________________________________
> OpenMoko community mailing list
> community at lists.openmoko.org
> http://lists.openmoko.org/mailman/listinfo/community
>
>




